On Fri, 03 Oct 2008 07:32:44 -0700
Bill Sommerfeld <sommerfeld at sun.com> wrote:

> In a securely-configured MLS environment, systems not running an MLS
> operating system will never receive a packet with an MLS label -- if
> they did, that inherently means that an MLS system somewhere is
> misconfigured and information is flowing in violation of the MLS
> policy.
>
> It is IMHO not necessary to specify what a label-unaware system should
> do with a labeled packet -- if they get one at all, it's a serious
> error on the part of the sender.
>
Actually, 793 disagrees:

    The security paramaters may be used even in a non-secure environment
    (the values would indicate unclassified data), thus hosts in
    non-secure environments must be prepared to receive the security
    parameters, though they need not send them.

The question is how realistic that statement is.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
saag mailing list
saag at ietf.org
https://www.ietf.org/mailman/listinfo/saag